SOC 3 Services

SOC 3 Reports

SOC 3 reports are a very important component of reporting on controls at service organizations, with many technology entities now moving forward with SOC 3 compliance. The five (5) Trust Services Criteria (TSC) that are used for reporting on SOC 3 allow service organizations to demonstrate a high degree of confidence to stakeholders regarding the risks inherent to their environments, as well as the controls in place to address those risks.

SOC 3 reporting, because of its rather large scope (you can include all 5 TSP) and its applicability to many technology and cloud-computing businesses, will continue to evolve as a viable reporting option when SOC 1 (or even SOC 2) is not conducive. Please contact us at 1-800-277-5415, ext. 706 to speak with Christopher G. Nickell, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. today.

WebTrust

Please note that the actual WebTrust assurance platform is designed for businesses with e-commerce systems, as this allows a licensed practitioner to report on an organization's framework and supporting controls regarding online privacy (i.e., the "Privacy" TSP), consumer protection (i.e., the "Processing Integrity" TSP), and other essential principles within the TSP.

Thus, a WebTrust Certification (or seal) is provided to an organization who successfully adheres to the WebTrust assurance services, for which interested parties can view the seal, along with clicking the link embedded from the AICPA within the seal to view the supporting audit report.

SysTrust

SysTrust, on the other hand is more broad-based, and provides a platform suitable for reporting on a wide variety of I.T. systems within an organization. Specifically, SysTrust assurance services are designed to cover the following subject areas: